Explore. Connect. Engage.

Title II Administrative Standards

Transaction and Code Set

The Secretary of Health and Human Services is adopting standards for the following administrative and financial health care transactions:

Health claims and equivalent encounter information.

Enrollment and disenrollment in a health plan.

Eligibility for a health plan.

Health care payment and remittance advice.

Health plans premium payments.

Health claim status.

Referral certification and authorization.

Coordination of benefits

Privacy

For the average health care provider or health plan, the Privacy Rule requires activities, such as:

Notifying patients about their privacy rights

How their information can be used.

Limits release of information to the minimum reasonably needed for the purpose of the disclosure.

Gives patients the right to examine and obtain a copy of their own health records and request corrections.

Empower individuals to control certain uses and disclosures of their health information.

Adopting and implementing privacy procedures for its practice, hospital, or plan.

Training employees so that they understand the privacy procedures.

Designating an individual to be responsible for seeing that the privacy procedures are adopted and followed.

Holding violators accountable, with civil and criminal penalties that can be imposed if they violate patients' privacy rights.

Striking a balance when public responsibility supports disclosure of some forms of data - for example, to protect public health.

Securing patient records containing individually identifiable health information so that they are not readily available to those who do not need them.

Security

The proposed security standard addresses the following policies, practices, and procedures:

Organizational Practices

Security and confidentiality policies

Information security officers

Education and training programs

Sanctions

Technical Practices and Procedures

Individual authentication of users

Access controls

Audit trails

Physical security and disaster recovery

Protection of remote access points

Protection of external electronic communications

Software discipline

System assessment

Identifier Standards

This rule proposes a standard for a national employer identifier and requirements concerning its use by health plans, health care clearinghouses, and health care providers. The health plans, health care clearinghouses, and health care providers would use the identifier, among other uses, in connection with certain electronic transactions.
Who must comply with these new HIPAA standards?